System security

In this section, we are dealing with configuration settings, login via secure HTTP, IP blocker, module security, and Safe Exam Browser integration.

Configuration security

There are a number of general configuration settings that potentially have an impact on the security of your system.

Accessibility of dataroot

In the Notifications screenshot at the beginning of the chapter, you must have probably spotted the warning that the dataroot directory is directly accessible via the Internet. Moodle requires additional space on a server to store uploaded files, such as, course documents and user pictures. The directory is called dataroot and must not be accessible via the Web. If this directory is accessible directly, unauthorized users can ...

Get Moodle 2 Administration now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.